| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/common/extensions/extension.h" | 5 #include "chrome/common/extensions/extension.h" |
| 6 | 6 |
| 7 #if defined(TOOLKIT_GTK) | 7 #if defined(TOOLKIT_GTK) |
| 8 #include <gtk/gtk.h> | 8 #include <gtk/gtk.h> |
| 9 #endif | 9 #endif |
| 10 | 10 |
| (...skipping 611 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 622 } | 622 } |
| 623 | 623 |
| 624 TEST_F(ExtensionManifestTest, HostedAppPermissions) { | 624 TEST_F(ExtensionManifestTest, HostedAppPermissions) { |
| 625 std::string error; | 625 std::string error; |
| 626 scoped_ptr<DictionaryValue> manifest( | 626 scoped_ptr<DictionaryValue> manifest( |
| 627 LoadManifestFile("hosted_app_absolute_options.json", &error)); | 627 LoadManifestFile("hosted_app_absolute_options.json", &error)); |
| 628 ASSERT_TRUE(manifest.get()); | 628 ASSERT_TRUE(manifest.get()); |
| 629 ListValue* permissions = NULL; | 629 ListValue* permissions = NULL; |
| 630 ASSERT_TRUE(manifest->GetList("permissions", &permissions)); | 630 ASSERT_TRUE(manifest->GetList("permissions", &permissions)); |
| 631 | 631 |
| 632 int platform_app = ExtensionAPIPermission::kTypePlatformApp; |
| 632 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 633 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 633 ExtensionAPIPermissionSet api_perms = info->GetAll(); | 634 ExtensionAPIPermissionSet api_perms = info->GetAll(); |
| 634 for (ExtensionAPIPermissionSet::iterator i = api_perms.begin(); | 635 for (ExtensionAPIPermissionSet::iterator i = api_perms.begin(); |
| 635 i != api_perms.end(); ++i) { | 636 i != api_perms.end(); ++i) { |
| 636 if (*i == ExtensionAPIPermission::kExperimental) | 637 if (*i == ExtensionAPIPermission::kExperimental) |
| 637 continue; | 638 continue; |
| 638 | 639 |
| 639 ExtensionAPIPermission* permission = info->GetByID(*i); | 640 ExtensionAPIPermission* permission = info->GetByID(*i); |
| 640 const char* name = permission->name(); | 641 const char* name = permission->name(); |
| 641 StringValue* p = new StringValue(name); | 642 StringValue* p = new StringValue(name); |
| 642 permissions->Clear(); | 643 permissions->Clear(); |
| 643 permissions->Append(p); | 644 permissions->Append(p); |
| 644 | 645 |
| 645 // Some permissions are only available to component hosted apps. | 646 // Some permissions are only available to component hosted apps. |
| 646 if (permission->is_component_only()) { | 647 if (permission->is_component_only()) { |
| 647 LoadAndExpectError(Manifest(manifest.get(), name), | 648 LoadAndExpectError(Manifest(manifest.get(), name), |
| 648 errors::kPermissionNotAllowed, | 649 errors::kPermissionNotAllowed, |
| 649 Extension::INTERNAL); | 650 Extension::INTERNAL); |
| 650 scoped_refptr<Extension> extension( | 651 scoped_refptr<Extension> extension( |
| 651 LoadAndExpectSuccess(Manifest(manifest.get(), name), | 652 LoadAndExpectSuccess(Manifest(manifest.get(), name), |
| 652 Extension::COMPONENT)); | 653 Extension::COMPONENT)); |
| 653 EXPECT_TRUE(extension->GetActivePermissions()->HasAPIPermission( | 654 EXPECT_TRUE(extension->GetActivePermissions()->HasAPIPermission( |
| 654 permission->id())); | 655 permission->id())); |
| 655 | 656 |
| 656 } else if (permission->is_platform_app_only()) { | 657 } else if (permission->type_restrictions() == platform_app) { |
| 657 LoadAndExpectError(Manifest(manifest.get(), name), | 658 LoadAndExpectError(Manifest(manifest.get(), name), |
| 658 errors::kPermissionNotAllowed, | 659 errors::kPermissionNotAllowed, |
| 659 Extension::INTERNAL, | 660 Extension::INTERNAL, |
| 660 Extension::STRICT_ERROR_CHECKS); | 661 Extension::STRICT_ERROR_CHECKS); |
| 661 } else if (!permission->is_hosted_app()) { | 662 } else if (!permission->supports_hosted_apps()) { |
| 662 // Most normal extension permissions also aren't available to hosted apps. | 663 // Most normal extension permissions also aren't available to hosted apps. |
| 663 // For these, the error is only reported in strict mode for legacy | 664 // For these, the error is only reported in strict mode for legacy |
| 664 // reasons: crbug.com/101993. | 665 // reasons: crbug.com/101993. |
| 665 LoadAndExpectError(Manifest(manifest.get(), name), | 666 LoadAndExpectError(Manifest(manifest.get(), name), |
| 666 errors::kPermissionNotAllowed, | 667 errors::kPermissionNotAllowed, |
| 667 Extension::INTERNAL, | 668 Extension::INTERNAL, |
| 668 Extension::STRICT_ERROR_CHECKS); | 669 Extension::STRICT_ERROR_CHECKS); |
| 669 scoped_refptr<Extension> extension( | 670 scoped_refptr<Extension> extension( |
| 670 LoadAndExpectSuccess(Manifest(manifest.get(), name), | 671 LoadAndExpectSuccess(Manifest(manifest.get(), name), |
| 671 Extension::INTERNAL)); | 672 Extension::INTERNAL)); |
| (...skipping 295 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 967 EXPECT_TRUE(extension_4->offline_enabled()); | 968 EXPECT_TRUE(extension_4->offline_enabled()); |
| 968 } | 969 } |
| 969 | 970 |
| 970 TEST_F(ExtensionManifestTest, PlatformAppOnlyPermissions) { | 971 TEST_F(ExtensionManifestTest, PlatformAppOnlyPermissions) { |
| 971 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); | 972 ExtensionPermissionsInfo* info = ExtensionPermissionsInfo::GetInstance(); |
| 972 ExtensionAPIPermissionSet private_perms; | 973 ExtensionAPIPermissionSet private_perms; |
| 973 private_perms.insert(ExtensionAPIPermission::kSocket); | 974 private_perms.insert(ExtensionAPIPermission::kSocket); |
| 974 | 975 |
| 975 ExtensionAPIPermissionSet perms = info->GetAll(); | 976 ExtensionAPIPermissionSet perms = info->GetAll(); |
| 976 int count = 0; | 977 int count = 0; |
| 978 int platform_app = ExtensionAPIPermission::kTypePlatformApp; |
| 977 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); | 979 for (ExtensionAPIPermissionSet::iterator i = perms.begin(); |
| 978 i != perms.end(); ++i) { | 980 i != perms.end(); ++i) { |
| 979 count += private_perms.count(*i); | 981 count += private_perms.count(*i); |
| 980 EXPECT_EQ(private_perms.count(*i) > 0, | 982 EXPECT_EQ(private_perms.count(*i) > 0, |
| 981 info->GetByID(*i)->is_platform_app_only()); | 983 info->GetByID(*i)->type_restrictions() == platform_app); |
| 982 } | 984 } |
| 983 EXPECT_EQ(1, count); | 985 EXPECT_EQ(1, count); |
| 984 | 986 |
| 985 // This guy should fail to load because he's requesting platform-app-only | 987 // This guy should fail to load because he's requesting platform-app-only |
| 986 // permissions. | 988 // permissions. |
| 987 LoadAndExpectError("evil_non_platform_app.json", | 989 LoadAndExpectError("evil_non_platform_app.json", |
| 988 errors::kPermissionNotAllowed, | 990 errors::kPermissionNotAllowed, |
| 989 Extension::INTERNAL, Extension::STRICT_ERROR_CHECKS); | 991 Extension::INTERNAL, Extension::STRICT_ERROR_CHECKS); |
| 990 | 992 |
| 991 // This guy is identical to the previous but doesn't ask for any | 993 // This guy is identical to the previous but doesn't ask for any |
| 992 // platform-app-only permissions. We should be able to load him and ask | 994 // platform-app-only permissions. We should be able to load him and ask |
| 993 // questions about his permissions. | 995 // questions about his permissions. |
| 994 scoped_refptr<Extension> extension( | 996 scoped_refptr<Extension> extension( |
| 995 LoadAndExpectSuccess("not_platform_app.json")); | 997 LoadAndExpectSuccess("not_platform_app.json")); |
| 996 scoped_refptr<const ExtensionPermissionSet> permissions; | 998 ExtensionAPIPermissionSet apis = extension->GetActivePermissions()->apis(); |
| 997 permissions = extension->GetActivePermissions(); | 999 for (ExtensionAPIPermissionSet::const_iterator i = apis.begin(); |
| 998 EXPECT_FALSE(permissions->HasPlatformAppPermissions()); | 1000 i != apis.end(); ++i) |
| 1001 EXPECT_NE(platform_app, info->GetByID(*i)->type_restrictions()); |
| 999 } | 1002 } |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 8598022:
Restrict access to permissions based on extension types. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src